certbot offers multiple ways to obtain a certificate. Let’s pick the
temporarywebserver option since it doesn’t require any additional
configuration. The only prerequisite though is that the Rasa Platform
has to be stopped so that webserver can bind to port 443 properly. To stop
the Platform, run:

$ sudo docker-compose down

Now, run the following to start the interactive process to obtain the
SSL certificate:

$ sudo certbot certonly

It’ll first ask you to pick the authentication method:

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

Then, accept the Terms of Services and decide if you’d like to share your
email address with the EFF:

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

After that finished successfully, you’ll see a message similar to the one below:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/rasa.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/rasa.example.com/privkey.pem
Your cert will expire on 2018-02-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"

Your certificate has been generated and is now saved on the machine at
/etc/letsencrypt/live/rasa.example.com/. Please run the following to copy
them over to the appropriate directory so that the docker container can access
them:

Let’s Encrypt certificates are short-lived, this means
they expire after 90 days. This means that you’ll have to renew them
on a regular basis. Thankfully this can be done with certbot as well.
Run the following commands in order to renew your certificate.